SINGAPORE: A 42-year-old man fell victim to an impersonation scam after he inadvertently accessed a fake “WhatsApp Web” phishing link on Oct 29.
The man, who wanted to be known only as Fidie and who works at a construction firm, clicked on the first search result for “WhatsApp Web” on a Google search, not realising that this was not the official site.
He scanned the QR code there, which allowed scammers to log into his account from their own device.
Pretending to be Fidie, they contacted 10 of his colleagues, including his boss, asking that they urgently lend “him” thousands of dollars for a family emergency.
One colleague fell for the ruse, and transferred S$1,000 (RM3,495) to a bank account designated by the scammers within half an hour of being asked.
He did not check with Fidie, even though the scammers’ messages were in English and not Malay, which Fidie typically uses to communicate with him.
Fidie told The Straits Times that he felt bad that his colleague, who has four young children, lost money to the scam and has repaid him. “We trust each other,” he said.
The scammers’ activities happened without Fidie’s knowledge, as the scammers had archived the chats – hiding them from Fidie’s list of WhatsApp chats – so he could not see what was going on.
He found out he had been scammed only a day after accessing the phishing link, when another colleague contacted by the scammers noticed that the language used was uncharacteristic of Fidie, and brought it to his attention.
Fidie quickly informed everyone he knew about the scam, and was told of the S$1,000 (RM3,495) loss.
The police have issued two advisories in the past month, warning of “WhatsApp Web” phishing links that open the door to impersonation scams.
From Nov 1 to 13 alone, such scams have claimed at least 93 victims and caused S$176,000 (RM615,268) in losses.
One of these victims is a 37-year-old accountant who wanted to be identified only as KY.
A frequent user of “WhatsApp Web” at work, she unknowingly accessed a phishing link to the site on Nov 1 – the first link that she saw on a Google search.
She recalled that her first attempt at scanning the QR code on the fake site failed, but she did not think too much of it and simply scanned it a second time.
The first scan would have given the scammers access to her account.
The scammers waited three days before asking two of her close friends for money for an “aunt” who was in hospital. They even addressed the friends by nicknames that KY typically uses in their WhatsApp chats, and also uploaded a picture of a woman lying on a hospital gurney.
One of KY’s long-time friends quickly sent S$3,000 (RM10,487) to the scammers, as she was worried that KY needed the money urgently.
As with Fidie, the scammers covered their tracks, and KY found out about the scam only when she returned a missed call from the friend.
“This was my first time encountering such a scam, so I was not on my guard,” said KY.
To guard against such scams, the police advise members of the public to enable two-step verification on their WhatsApp accounts, and check that they are using the official WhatsApp Web website (https://web.whatsapp.com) or desktop app.
They also advise users to review their WhatsApp-linked devices regularly, and to beware of unusual requests received via WhatsApp.
“Now, I don’t dare to use WhatsApp Web any more,” said Fidie.
He decided to speak to the media about his case to raise awareness about such scams.
His advice: “Always double-check the URL, don’t be like me.” – The Straits Times (Singapore)/Asia News Network